The rising rate of cyberattacks and data breaches across the globe arising from widespread digital transformation calls for heightened security measures within every organization (Bocayuva, 2021). Most organizations face the dilemma of operating in a secure business environment while maintaining the efficiency of business operations. The primary objective of Information Technology (IT) security is to ensure the confidentiality, integrity, and availability of information and information systems. However, implementing adequate, risk-based security measures is critical to ensuring optimal business productivity (Boehm et al., 2019). Information security does not operate in a silo. Thus, security must go hand in hand with the main objectives of the business, which are to remain profitable and secure at the same time, and this requires working with various departments. It is clear that the application of security measures often comes at a cost to the efficiency of business operations; thus, to remain competitive, businesses need to ensure that security practices align with business requirements, thereby keeping everything working securely.
Periodic risk assessments are critical in ensuring the efficiency of business operations. Risk assessment involves identifying threats and vulnerabilities within an organization that intruders could exploit to compromise information and information systems, analyzing the impact of each risk to the business, and classifying the risk into high, medium, or low categories while proposing mitigating controls (Bilal et al., 2020). Because risk assessment identifies and highlights the risk impact to the business, it is a critical step in risk management. However, before implementing a security control, it is critical to analyze the potential impact that control will have on business activities. This analysis will guide the decision on whether to accept, transfer, or mitigate the risk. Given that the main objective of the business is to be profitable, the security controls put in place should be geared towards achieving the overall business goal of improved efficiency and security all at once. However, it is commonly held that excessive security negatively affects performance. This assertion may be accurate, but it depends on the security technology in place and how the security measures are implemented.
To maintain a secure and productive environment, security experts should implement controls that help increase business efficiency. For instance, to protect against unauthorized access with multifactor authentication, the use of modern solutions like Microsoft Authenticator could facilitate logging into multiple accounts with a simple click without using a password (Microsoft, 2021). However, modern technology solutions that make security invisible to the user come at a cost. As a result, organizations must assess the costs and benefits of such technologies, together with the interconnectivity impact on dependent systems, before moving to implement them where feasible.
Another way a business could operate efficiently while having security safeguards is by implementing security correctly and choosing security techniques that impose less overhead on business operations. For instance, encrypting an entire database containing both sensitive and non-sensitive data is a clear example of implementing security incorrectly: it has an adverse effect on performance, which slows down business operations. Given that not all data contained within the database is confidential and needs to be encrypted, it is better to encrypt only the sensitive data and put in place compensating controls that have less impact on business operations. Security controls should be implemented bearing in mind that organizational performance is a critical indicator of the success or failure of that organization (Shafique-ur et al., 2019).
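As an added illustration of the selective-encryption point above (not part of the original essay), the following PostgreSQL example uses the pgcrypto extension to encrypt only the confidential columns and limits a reporting role to the plaintext ones as a compensating control. The table, column, role and setting names and the sample values are hypothetical.

```sql
-- Added example: PostgreSQL with the pgcrypto extension.
-- All object names, the key and the row values are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Non-sensitive columns stay in plaintext so they remain indexable and
-- searchable; only the two confidential fields are stored as ciphertext.
CREATE TABLE customer (
    customer_id  bigserial   PRIMARY KEY,
    display_name text        NOT NULL,
    country      text        NOT NULL,
    created_at   timestamptz NOT NULL DEFAULT now(),
    national_id  bytea       NOT NULL,   -- encrypted with pgp_sym_encrypt
    card_number  bytea       NOT NULL    -- encrypted with pgp_sym_encrypt
);
CREATE INDEX customer_country_idx ON customer (country);

-- The key is supplied per session by the application and is not stored
-- in the database (constructed demo value).
SET app.field_key = 'constructed-demo-key-not-for-production';

INSERT INTO customer (display_name, country, national_id, card_number)
VALUES (
    'Example Customer', 'DE',
    pgp_sym_encrypt('000-00-0000',      current_setting('app.field_key')),
    pgp_sym_encrypt('4111111111111111', current_setting('app.field_key'))
);

-- Routine reporting touches only plaintext columns: no decryption cost,
-- and the index on country is still usable.
SELECT country, count(*) AS customers FROM customer GROUP BY country;

-- Decryption is paid only for the rows and fields that actually need it.
SELECT display_name,
       pgp_sym_decrypt(card_number, current_setting('app.field_key')) AS card_number
FROM customer
WHERE customer_id = 1;

-- Compensating control: the reporting role can read the plaintext view
-- but has no privileges on the base table holding the ciphertext.
CREATE ROLE reporting NOLOGIN;
CREATE VIEW customer_public AS
    SELECT customer_id, display_name, country, created_at FROM customer;
GRANT SELECT ON customer_public TO reporting;
```

Because the key travels in SQL text here, statement logging can capture it; encrypting the fields in the application before the INSERT avoids that exposure.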
Bilal, M., Gani, A., Liaqat, M., Bashir, N., & Malik, N. (2020). Risk assessment across life cycle phases for small and medium software projects. Journal of Engineering Science and Technology, 15(1), 572-588.
Bocayuva, M. (2021). Cybersecurity in the European Union port sector in light of the digital transformation and the COVID-19 pandemic. WMU Journal of Maritime Affairs, 20(2), 173-192. https://doi.org/10.1007/s13437-021-00240-4
Boehm, J., Curcio, N., Merrath, P., Shenton, L., & Stähle, T. (2019). The risk-based approach to cybersecurity. McKinsey, New York. https://www.mckinsey.com/~/media/McKinsey/Business%20Functions/Risk/Our%20Insights/The%20risk%20based%20approach%20to%20cybersecurity/The-risk-based-approach-to-cybersecurity.pdf
Microsoft. (2021). How to use the Microsoft Authenticator app. Microsoft. https://support.microsoft.com/en-us/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc
Shafique-ur, R., Rapiah, M., & Ayoup, H. (2019). The mediating role of organizational capabilities between organizational performance and its determinants. Journal of Global Entrepreneurship Research, 9(1), 1-23. https://doi.org/10.1186/s40497-019-0155-5